def on_get(self, req: falcon.Request, resp: falcon.Response,
           username: str = None):
    """Return the list of users, or one user's record.

    Without ``username`` the caller must be an admin and receives the
    selected columns for every user. With ``username`` the record is
    returned to admins and to the user it belongs to; anyone else gets
    403 Forbidden.
    """
    if username is not None:
        # NOTE(review): the lookup runs before the privilege check, so a
        # non-admin caller presumably sees 404 for an unknown username and
        # 403 for an existing one, which reveals which usernames exist.
        # Checking the caller first would remove that difference.
        user = User.get_or_404(User.username == username)
        requester = req.context["user"]
        is_self = requester.id == user.id
        if not (requester.is_admin or is_self):
            raise falcon.HTTPForbidden(
                "Forbidden", "Insufficient privileges for operation.")
        # presumably the list names the fields to include — confirm against
        # User.to_dict, since password hash and token must stay out.
        exposed = [
            "username", "is_active", "is_admin", "is_manager", "created_on"
        ]
        resp.media = {"user": user.to_dict(exposed)}
        return

    if not req.context["user"].is_admin:
        raise falcon.HTTPForbidden(
            "Forbidden", "Insufficient privileges for operation.")
    # Only these five columns are selected, so nothing else reaches the
    # response for the listing.
    query = User.select(
        User.username,
        User.is_active,
        User.is_admin,
        User.is_manager,
        User.created_on,
    )
    resp.media = {"users": list(query.dicts())}
def test_user_get_by_basic_auth_none(client):
    """Basic-auth lookup returns None for an inactive user with valid credentials."""
    username = "******"
    password = "******"

    inactive_user = User(username=username)
    inactive_user.is_active = False  # the property under test
    inactive_user.token = "test-token"
    inactive_user.set_password(password)
    inactive_user.save()

    found = User.get_by_basic_auth(username=username, password=password)
    assert found is None
def test_user_get_by_basic_auth_not_none(client):
    """Basic-auth lookup returns the saved user when it is active."""
    # NOTE(review): no case for an active user with a wrong password is
    # visible in this listing — confirm one exists elsewhere.
    username = "******"
    password = "******"

    saved = User(username=username)
    saved.is_active = True
    saved.token = "test-token"
    saved.set_password(password)
    saved.save()

    fetched = User.get_by_basic_auth(username=username, password=password)
    assert fetched is not None
    assert saved.id == fetched.id
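def on_put(self, req: falcon.Request, resp: falcon.Response,
           username: str = None):
    """Update a user's password and/or privilege flags.

    Admins may update any user; other callers may update only their own
    record. Nobody may change ``is_admin``, ``is_manager`` or ``is_active``
    on their own account, so a non-admin caller can change nothing but
    their own password.

    Raises:
        falcon.HTTPForbidden: caller is neither admin nor the target user,
            or tries to change a flag on their own account.
        falcon.HTTPBadRequest: the body is not a JSON object, a flag is
            not a JSON boolean, or the password is not a non-empty string.
    """
    user = User.get_or_404(User.username == username)
    requester = req.context["user"]
    if not requester.is_admin and requester.id != user.id:
        raise falcon.HTTPForbidden(
            "Forbidden", "Insufficient privileges for operation.")

    body = req.media
    # A JSON array or scalar has no .get(); reject it instead of failing
    # with an unhandled AttributeError.
    if not isinstance(body, dict):
        raise falcon.HTTPBadRequest("Bad Request",
                                    "Request body must be a JSON object.")

    flags = {
        "is_admin": body.get("is_admin", None),
        "is_manager": body.get("is_manager", None),
        "is_active": body.get("is_active", None),
    }
    if requester.id == user.id and any(
            value is not None for value in flags.values()):
        raise falcon.HTTPForbidden("Forbidden",
                                   "Can not modifiy own attributes.")

    # Privilege flags must be real booleans. A string such as "false" is
    # truthy, so storing it unchecked could grant the privilege the caller
    # meant to revoke.
    for name, value in flags.items():
        if value is not None and not isinstance(value, bool):
            raise falcon.HTTPBadRequest("Bad Request",
                                        f"'{name}' must be a boolean.")

    password = body.get("password", None)
    if password is not None and (not isinstance(password, str)
                                 or not password):
        raise falcon.HTTPBadRequest("Bad Request",
                                    "'password' must be a non-empty string.")

    # All input is validated before the first mutation, so a rejected
    # request leaves the model untouched.
    if password is not None:
        user.set_password(password)
    if flags["is_admin"] is not None:
        user.is_admin = flags["is_admin"]
    if flags["is_manager"] is not None:
        user.is_manager = flags["is_manager"]
    if flags["is_active"] is not None:
        user.is_active = flags["is_active"]
    user.save()
    resp.media = {"status": "Success", "message": "User updated."}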
def test_iplistitemresource_on_get_found(client, superuser):
    """Listing the items of an existing IP list with a valid token gives 200."""
    owner = User.get_by_token(superuser)
    IPList(name="test-list", created_by=owner).save()

    auth_headers = {"Authorization": f"Token {superuser}"}
    response = client.simulate_get(
        "/api/test/iplists/test-list/items",
        headers=auth_headers,
    )

    assert response.status_code == 200
def test_iplistresource_on_delete_ok(client, superuser):
    """Deleting an existing IP list as the superuser reports success."""
    owner = User.get_by_token(superuser)
    IPList(name="test-list", created_by=owner).save()

    auth_headers = {"Authorization": f"Token {superuser}"}
    response = client.simulate_delete(
        "/api/test/iplists/test-list", headers=auth_headers)

    assert response.status_code == 200
    assert response.json["status"] == "Success"
def test_iplistresource_on_post_bad(client, superuser):
    """Posting a list whose name is already saved is rejected with 400."""
    owner = User.get_by_token(superuser)
    IPList(name="test-list", created_by=owner).save()

    # Same name as the list saved above.
    payload = {"name": "test-list"}
    auth_headers = {"Authorization": f"Token {superuser}"}
    response = client.simulate_post(
        "/api/test/iplists", headers=auth_headers, json=payload)

    assert response.status_code == 400
def test_user_get_by_token_not_none(client):
    """Token lookup returns the saved user when it is active."""
    saved = User(username="******")
    saved.is_active = True
    saved.token = "test-token"
    saved.save()

    fetched = User.get_by_token("test-token")
    assert fetched is not None
    assert fetched.id == saved.id
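def on_delete(self, req: falcon.Request, resp: falcon.Response,
              username: str = None):
    """Delete the user named ``username``.

    Only admins may delete users, and an admin may not delete their own
    account.

    Raises:
        falcon.HTTPForbidden: the caller is not an admin.
        falcon.HTTPBadRequest: the caller targets their own account.
    """
    requester = req.context["user"]
    # The handler previously had no privilege check of its own, so any
    # authenticated caller who reached it could delete another account.
    # NOTE(review): if a hook or middleware outside this handler already
    # restricts DELETE, this check is redundant but harmless — confirm.
    # It runs before the lookup so non-admins cannot use 404 vs 403 to
    # learn which usernames exist.
    if not requester.is_admin:
        raise falcon.HTTPForbidden(
            "Forbidden", "Insufficient privileges for operation.")

    user = User.get_or_404(User.username == username)
    if requester.id == user.id:
        raise falcon.HTTPBadRequest("Bad Request", "Can not delete self.")

    user.delete_instance()
    resp.media = {"status": "Success", "message": "User deleted."}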
def test_iplistitemresource_on_post_all_new(client, superuser):
    """Posting two new IPs creates two ListItem rows and two list links."""
    owner = User.get_by_token(superuser)
    ip_list = IPList(name="test-list", created_by=owner)
    ip_list.save()

    payload = {"ips": ["1.1.1.1", "9.9.9.9"], "note": "test note"}
    auth_headers = {"Authorization": f"Token {superuser}"}
    response = client.simulate_post(
        "/api/test/iplists/test-list/items",
        headers=auth_headers,
        json=payload,
    )

    assert response.status_code == 201
    assert ListItem.select().count() == 2
    linked = IPListItem.select().where((IPListItem.ip_list == ip_list))
    assert linked.count() == 2
def test_iplistitemresource_on_post_notes(client, superuser):
    """A note posted with trailing whitespace is stored without it."""
    owner = User.get_by_token(superuser)
    IPList(name="test-list", created_by=owner).save()

    # The trailing space in the note is the input under test.
    payload = {"ips": ["1.1.1.1"], "note": "test note "}
    auth_headers = {"Authorization": f"Token {superuser}"}
    response = client.simulate_post(
        "/api/test/iplists/test-list/items",
        headers=auth_headers,
        json=payload,
    )
    assert response.status_code == 201

    # Result unused: the lookup itself fails the test if the row is missing.
    ListItem.get(ip="1.1.1.1")
    # NOTE(review): relies on the new row getting id 1, i.e. on an empty
    # table at test start — presumably guaranteed by the fixture.
    stored = IPListItem.get(id=1)
    assert stored.note == "test note"
def on_get(self, req: falcon.Request, resp: falcon.Response,
           username: str):
    """Return the API token of the user named ``username``.

    The token is returned to admins and to the user it belongs to; any
    other caller gets 403 Forbidden. An unknown username gives 404.
    """
    # NOTE(review): an admin can read any user's token here. If that token
    # is the credential accepted for API authentication, an admin can then
    # act as that user — confirm this is intended and that such reads are
    # auditable. Returning user.token also implies tokens are stored in a
    # recoverable form rather than hashed.
    try:
        user = User.get(username=username)
        requester = req.context["user"]
        allowed = requester.is_admin or requester.id == user.id
        if not allowed:
            raise falcon.HTTPForbidden(
                "Forbidden", "Insufficient privileges for operation.")
        resp.media = {"token": user.token}
    except DoesNotExist:
        # As in the user-record handlers, lookup precedes the privilege
        # check, so 404 vs 403 distinguishes unknown from existing names.
        raise falcon.HTTPNotFound()
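def on_post(self, req: falcon.Request, resp: falcon.Response):
    """Create the first admin account; refuse once any admin exists.

    No caller check is visible in this handler: the only gate shown is
    that no user with ``is_admin`` set exists yet. The new account's token
    is returned in the response body.

    Raises:
        falcon.HTTPBadRequest: an admin already exists, the body is not a
            JSON object, or ``username``/``password`` is missing, empty or
            not a string.
    """
    # NOTE(review): the count check and create_user are separate steps, so
    # two concurrent requests could presumably both pass the check —
    # confirm whether create_user or a database constraint prevents a
    # second first-admin.
    if User.select().where(User.is_admin).count() > 0:
        raise falcon.HTTPBadRequest("Bad Request", "App already initialized.")

    body = req.media
    if not isinstance(body, dict):
        raise falcon.HTTPBadRequest("Bad Request",
                                    "Request body must be a JSON object.")

    username = body.get("username")
    password = body.get("password")
    # A missing key yields None; without this check None would be handed
    # to create_user for an account that is created with is_admin=True.
    for field, value in (("username", username), ("password", password)):
        if not isinstance(value, str) or not value:
            raise falcon.HTTPBadRequest(
                "Bad Request",
                f"'{field}' is required and must be a non-empty string.")

    token = create_user(
        username=username,
        password=password,
        is_admin=True,
    )
    resp.status = falcon.HTTP_201
    resp.media = {
        "status": "Success",
        "token": token,
        "message": "First admin user created.",
    }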
def test_iplistitemresource_on_delete_remove_some(client, superuser):
    """Deleting one of two listed IPs removes exactly that one link."""
    owner = User.get_by_token(superuser)
    ip_list = IPList(name="test-list", created_by=owner)
    ip_list.save()

    items_url = "/api/test/iplists/test-list/items"
    auth_headers = {"Authorization": f"Token {superuser}"}

    # Seed the list with two addresses through the API.
    seed_payload = {"ips": ["1.1.1.1", "2.2.2.2"], "note": "test note"}
    resp = client.simulate_post(
        items_url, headers=auth_headers, json=seed_payload)
    linked = IPListItem.select().where((IPListItem.ip_list == ip_list))
    assert linked.count() == 2

    # Remove only one of them.
    removal_payload = {"ips": ["2.2.2.2"]}
    resp = client.simulate_delete(
        items_url, headers=auth_headers, json=removal_payload)

    assert resp.status_code == 200
    assert resp.json["count_removed"] == 1
    remaining = IPListItem.select().where((IPListItem.ip_list == ip_list))
    assert remaining.count() == 1
def test_user_str():
    """str() of a User is compared with the expected display name."""
    user = User(username="******")
    rendered = str(user)
    assert rendered == "tester"
def test_user_get_by_token_none(client):
    """Token lookup returns None when the token's owner is inactive."""
    inactive_user = User(username="******")
    inactive_user.is_active = False  # the property under test
    inactive_user.token = "test-token"
    inactive_user.save()

    found = User.get_by_token("test-token")
    assert found is None